From 82d5d46c14db2079c437a697e82d250befa37a7c Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Thu, 12 Jul 2001 08:51:47 +0000
Subject: [PATCH] Some of the Kerberos code had dissapeared.  Reapply.

---
 ssl/s3_clnt.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 3451ba7939..413e2e6551 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -766,7 +766,12 @@ static int ssl3_get_server_certificate(SSL *s)
 		}
 
 	i=ssl_verify_cert_chain(s,sk);
-	if ((s->verify_mode != SSL_VERIFY_NONE) && (!i))
+	if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)
+#ifndef OPENSSL_NO_KRB5
+                && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK))
+                != (SSL_aKRB5|SSL_kKRB5)
+#endif /* OPENSSL_NO_KRB5 */
+                )
 		{
 		al=ssl_verify_alarm_type(s->verify_result);
 		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
-- 
2.25.1